Revert of Move more utility functions to arc_util.

chrome/browser/chromeos/arc/arc_session_manager.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
 
 #include <utility>
 
 #include "ash/common/shelf/shelf_delegate.h"
 #include "ash/common/wm_shell.h"
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/string16.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "chrome/browser/chromeos/arc/arc_auth_context.h"
 #include "chrome/browser/chromeos/arc/arc_auth_notification.h"
 #include "chrome/browser/chromeos/arc/arc_optin_uma.h"
 #include "chrome/browser/chromeos/arc/arc_support_host.h"
-#include "chrome/browser/chromeos/arc/arc_util.h"
 #include "chrome/browser/chromeos/arc/optin/arc_terms_of_service_negotiator.h"
 #include "chrome/browser/chromeos/arc/policy/arc_android_management_checker.h"
 #include "chrome/browser/chromeos/arc/policy/arc_policy_util.h"
+#include "chrome/browser/chromeos/login/user_flow.h"
+#include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/browser/policy/profile_policy_connector.h"
 #include "chrome/browser/policy/profile_policy_connector_factory.h"
 #include "chrome/browser/prefs/pref_service_syncable_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/app_list/arc/arc_app_launcher.h"
 #include "chrome/browser/ui/app_list/arc/arc_app_utils.h"
 #include "chrome/browser/ui/ash/multi_user/multi_user_util.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/generated_resources.h"
 #include "chromeos/chromeos_switches.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "components/arc/arc_bridge_service.h"
 #include "components/arc/arc_session_runner.h"
 #include "components/arc/arc_util.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/prefs/pref_service.h"
 #include "components/sync_preferences/pref_service_syncable.h"
+#include "components/user_manager/user.h"
 #include "content/public/browser/browser_thread.h"
 #include "extensions/browser/extension_prefs.h"
 
 namespace arc {
 
 namespace {
 
 // Weak pointer.  This class is owned by ArcServiceManager.
 ArcSessionManager* g_arc_session_manager = nullptr;
 
 // Skip creating UI in unit tests
 bool g_disable_ui_for_testing = false;
 
 // Use specified ash::ShelfDelegate for unit tests.
 ash::ShelfDelegate* g_shelf_delegate_for_testing = nullptr;
 
 // The Android management check is disabled by default, it's used only for
 // testing.
 bool g_enable_check_android_management_for_testing = false;
 
+// Let IsAllowedForProfile() return "false" for any profile.
+bool g_disallow_for_testing = false;
+
 // Maximum amount of time we'll wait for ARC to finish booting up. Once this
 // timeout expires, keep ARC running in case the user wants to file feedback,
 // but present the UI to try again.
 constexpr base::TimeDelta kArcSignInTimeout = base::TimeDelta::FromMinutes(5);
 
 ash::ShelfDelegate* GetShelfDelegate() {
   if (g_shelf_delegate_for_testing)
     return g_shelf_delegate_for_testing;
   if (ash::WmShell::HasInstance()) {
     DCHECK(ash::WmShell::Get()->shelf_delegate());
@@ skipping 49 matching lines @@
   g_disable_ui_for_testing = true;
 }
 
 // static
 void ArcSessionManager::SetShelfDelegateForTesting(
     ash::ShelfDelegate* shelf_delegate) {
   g_shelf_delegate_for_testing = shelf_delegate;
 }
 
 // static
+bool ArcSessionManager::IsOptInVerificationDisabled() {
+  return base::CommandLine::ForCurrentProcess()->HasSwitch(
+      chromeos::switches::kDisableArcOptInVerification);
+}
+
+// static
 void ArcSessionManager::EnableCheckAndroidManagementForTesting() {
   g_enable_check_android_management_for_testing = true;
 }
 
+// static
+bool ArcSessionManager::IsAllowedForProfile(const Profile* profile) {
+  if (g_disallow_for_testing) {
+    VLOG(1) << "ARC is disallowed for testing.";
+    return false;
+  }
+
+  if (!IsArcAvailable()) {
+    VLOG(1) << "ARC is not available.";
+    return false;
+  }
+
+  if (!profile) {
+    VLOG(1) << "ARC is not supported for systems without profile.";
+    return false;
+  }
+
+  if (!chromeos::ProfileHelper::IsPrimaryProfile(profile)) {
+    VLOG(1) << "Non-primary users are not supported in ARC.";
+    return false;
+  }
+
+  // IsPrimaryProfile can return true for an incognito profile corresponding
+  // to the primary profile, but ARC does not support it.
+  if (profile->IsOffTheRecord()) {
+    VLOG(1) << "Incognito profile is not supported in ARC.";
+    return false;
+  }
+
+  if (profile->IsLegacySupervised()) {
+    VLOG(1) << "Supervised users are not supported in ARC.";
+    return false;
+  }
+
+  user_manager::User const* const user =
+      chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+  if ((!user || !user->HasGaiaAccount()) && !IsArcKioskMode()) {
+    VLOG(1) << "Users without GAIA accounts are not supported in ARC.";
+    return false;
+  }
+
+  chromeos::UserFlow* user_flow =
+      chromeos::ChromeUserManager::Get()->GetUserFlow(user->GetAccountId());
+  if (!user_flow || !user_flow->CanStartArc()) {
+    VLOG(1) << "ARC is not allowed in the current user flow.";
+    return false;
+  }
+
+  if (user_manager::UserManager::Get()
+          ->IsCurrentUserCryptohomeDataEphemeral()) {
+    VLOG(2) << "Users with ephemeral data are not supported in ARC.";
+    return false;
+  }
+
+  return true;
+}
+
+// static
+void ArcSessionManager::DisallowForTesting() {
+  g_disallow_for_testing = true;
+}
+
+// static
+bool ArcSessionManager::IsArcKioskMode() {
+  return user_manager::UserManager::Get()->IsLoggedInAsArcKioskApp();
+}
+
 void ArcSessionManager::OnSessionReady() {
   for (auto& observer : arc_session_observer_list_)
     observer.OnSessionReady();
 }
 
 void ArcSessionManager::OnSessionStopped(StopReason reason) {
   // TODO(crbug.com/625923): Use |reason| to report more detailed errors.
   if (arc_sign_in_timer_.IsRunning())
     OnProvisioningFinished(ProvisioningResult::ARC_STOPPED);
 
@@ skipping 128 matching lines @@
   if (result == ProvisioningResult::SUCCESS) {
     if (support_host_)
       support_host_->Close();
 
     if (profile_->GetPrefs()->GetBoolean(prefs::kArcSignedIn))
       return;
 
     profile_->GetPrefs()->SetBoolean(prefs::kArcSignedIn, true);
     // Don't show Play Store app for ARC Kiosk because the only one UI in kiosk
     // mode must be the kiosk app and device is not needed for opt-in.
-    if (!IsArcOptInVerificationDisabled() && !IsArcKioskMode()) {
+    if (!IsOptInVerificationDisabled() && !IsArcKioskMode()) {
       playstore_launcher_.reset(
           new ArcAppLauncher(profile_, kPlayStoreAppId, true));
     }
 
     for (auto& observer : observer_list_)
       observer.OnArcInitialStart();
     return;
   }
 
   ArcSupportHost::Error error;
@@ skipping 63 matching lines @@
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   return profile_ != nullptr;
 }
 
 void ArcSessionManager::OnPrimaryUserProfilePrepared(Profile* profile) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   DCHECK(profile && profile != profile_);
 
   Shutdown();
 
-  if (!IsArcAllowedForProfile(profile))
+  if (!IsAllowedForProfile(profile))
     return;
 
-  // TODO(khmel): Move this to IsArcAllowedForProfile.
+  // TODO(khmel): Move this to IsAllowedForProfile.
   if (policy_util::IsArcDisabledForEnterprise() &&
       policy_util::IsAccountManaged(profile)) {
     VLOG(2) << "Enterprise users are not supported in ARC.";
     return;
   }
 
   profile_ = profile;
 
   // Create the support host at initialization. Note that, practically,
   // ARC support Chrome app is rarely used (only opt-in and re-auth flow).
   // So, it may be better to initialize it lazily.
   // TODO(hidehiko): Revisit to think about lazy initialization.
   //
   // Don't show UI for ARC Kiosk because the only one UI in kiosk mode must
   // be the kiosk app. In case of error the UI will be useless as well, because
   // in typical use case there will be no one nearby the kiosk device, who can
   // do some action to solve the problem be means of UI.
-  if (!g_disable_ui_for_testing && !IsArcOptInVerificationDisabled() &&
+  if (!g_disable_ui_for_testing && !IsOptInVerificationDisabled() &&
       !IsArcKioskMode()) {
     DCHECK(!support_host_);
     support_host_ = base::MakeUnique<ArcSupportHost>(profile_);
     support_host_->AddObserver(this);
   }
 
   DCHECK_EQ(State::NOT_INITIALIZED, state_);
   SetState(State::STOPPED);
 
   PrefServiceSyncableFromProfile(profile_)->AddSyncedPrefObserver(
@@ skipping 141 matching lines @@
   // TODO(poromov): Move to more Kiosk dedicated set-up phase.
   if (IsArcKioskMode())
     profile_->GetPrefs()->SetBoolean(prefs::kArcTermsAccepted, true);
 
   // If it is marked that sign in has been successfully done, then directly
   // start ARC.
   // For testing, and for Kisok mode, we also skip ToS negotiation procedure.
   // For backward compatibility, this check needs to be prior to the
   // kArcTermsAccepted check below.
   if (profile_->GetPrefs()->GetBoolean(prefs::kArcSignedIn) ||
-      IsArcOptInVerificationDisabled() || IsArcKioskMode()) {
+      IsOptInVerificationDisabled() || IsArcKioskMode()) {
     StartArc();
 
     // Skip Android management check for testing.
     // We also skip if Android management check for Kiosk mode,
     // because there are no managed human users for Kiosk exist.
-    if (IsArcOptInVerificationDisabled() || IsArcKioskMode() ||
+    if (IsOptInVerificationDisabled() || IsArcKioskMode() ||
         (g_disable_ui_for_testing &&
          !g_enable_check_android_management_for_testing)) {
       return;
     }
 
     // Check Android management in parallel.
     // Note: Because the callback may be called in synchronous way (i.e. called
     // on the same stack), StartCheck() needs to be called *after* StartArc().
     // Otherwise, DisableArc() which may be called in
     // OnBackgroundAndroidManagementChecked() could be ignored.
@@ skipping 368 matching lines @@
       return os << "ACTIVE";
   }
 
   // Some compiler reports an error even if all values of an enum-class are
   // covered indivisually in a switch statement.
   NOTREACHED();
   return os;
 }
 
 }  // namespace arc